Hi, On Fri, Jul 13, 2012 at 5:20 PM, Robert Hook <[email protected]> wrote: > Folks, I've worked myself into a state of deep confusion around this. I want > to be able to access jetty with jconsole, remotely, but very (very) much > want to have password authentication on that, as the service in question may > be on a publicly facing server (yes, we will be deploying with firewalls and > so forth that should prevent it being open to the world, but > defence-in-depth and all that) > > I've attempted to add the usual com.sun.management.jmxremote* properties to > the JVM by adding them to start.ini, which worked when i did not have > etc/jetty-jmx.xml enabled. But of course, then I only got a very limited set > of beans, and not the jetty ones (or our own) that I was interested in. If I > re-enabled etc/jetty-jmx.xml, there were problems because that config file > was creating a RMI registry and connector on the ports I'd specified in > start.ini > > I tried removing the definition of the RMI registry and connector in > etc/jetty-jmx.xml, and nothing worked. > I tried removing the RMI registry and port information from the > com.sun.management.jmxremote* properties in start.ini, and it looked like > com.sun.management.jmxremote.authenticate was entirely ignored. > > So in the end it looks like the right way to enable remote jmx access is to > use the stock etc/jetty-jmx.xml, but I've searched high, low and in the > middle and cannot find any information on how to then secure the service > exposed by that configuration.
Start from etc/jetty-jmx.xml. Modify the constructor of ConnectorServer to take, as second parameter, a Map, therefore using this 3 parameters constructor: http://download.eclipse.org/jetty/stable-7/apidocs/org/eclipse/jetty/jmx/ConnectorServer.html#ConnectorServer%28javax.management.remote.JMXServiceURL,%20java.util.Map,%20java.lang.String%29 The Map should contain two keys as explained here: https://blogs.oracle.com/lmalventosa/entry/jmx_authentication_authorization. Use case #1 is probably the simplest for you. Let us know if it worked. Simon -- http://cometd.org http://webtide.com Developer advice, services and support from the Jetty & CometD experts. ---- Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability, the implementation technique must be flawless. Victoria Livschitz _______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
